Items Tagged with "Regulation"

On October 13 the Securities and Exchange Commission (SEC) released CF Disclosure Guidance: Topic No. 2. This document establishes requirements for public companies to account for the cost of cybersecurity incidents and defenses, as well as to disclose their cyber risk mitigation plans to investors...

Security disclosures can have an impact on a company’s share price. Some organisations actually have no economic impact from a breach. For others, the effect is catastrophic. But, security through obscurity is simply false security and leaves us vulnerable with no way to measure the true risk...

Do you wonder what happens with your financial information when a background check is conducted for a job? Do you wonder what happens to your driver’s license information when you’re asked to provide it on a medical form? Truth is, you’re the only one who can safeguard your privacy...

With several high profile breaches this year, regulators have proposed data breach notification bills and heavy fines for organizations that fail to keep sensitive information safe. The real concern for organizations that have experienced a data breach, however, is customer confidence...

It is probable a service provider or content hosting entity will face a degree of liability dependent on intention. If malware is intentionally posted such as in the Morris’ case, no uncertainty as to whether the conception and insertion of the malware was deliberate exists...

DigiNotar has filed a voluntary bankruptcy petition following a serious breach of security. “We are working to quantify the damages caused by the hacker’s intrusion into DigiNotar’s system and will provide an estimate of the range of losses as soon as possible..."

"An unauthorized third party (hacker) has been active on the CA server that is used for issuing qualified certificates... The integrity of the data on the [DigiNotar] server that is used for production and issuance of qualified certificates is therefore impossible to guarantee..."

There are variables at work that often require security measures above and beyond encryption. The confidentiality of the data you are working with, state, federal and industry regulations, user habits, platforms and more all factor into the security measures needed to safeguard your data...

The devil is in the details with these laws. But there are a number of questions here... These companies are already victims in these attacks, so why are we penalizing them after a breach? I think that's because it's easier to issue fines than it is to track down the criminals and go after them..."

According to the GAO, the FDIC has not always required strong passwords systems; reviewed user access to financial information; encrypted information transmitted over and stored on its network; protected powerful database accounts and privileges from unauthorized use...

FINRA found that Citigroup failed to detect or investigate a series of "red flags" that upon further inquiry should have alerted the firm to the improper use of customer funds, including reports reflecting suspicious transfers of funds between unrelated accounts...

“Complex device identification” is more sophisticated. This security technique relies on disposable, one-time cookies, and creates a complex digital fingerprint based on characteristics including PC configuration, Internet protocol addresses, and geolocation...

In the past, some of the strict foreign data protection laws have not been rigorously enforced, giving businesses breathing room. The enforcement landscape is likely to tighten in the near future, however, increasing the risk of investigations and sanctions for privacy violations...

Privacy by design makes privacy an essential component of the core product or service a company delivers. Spotting privacy issues and addressing concerns before launch aligns products and services with consumer expectations and can save everyone from future headaches...

GRC is not an out of the box solution, which would immediately make you compliant. It is a tool that will allow you to collect information, report to you, help you to make changes in it, put the feedback into the new policy, see how much variance exists...